Comrade Circle Ransomware Removal Guide

Do you know what Comrade Circle Ransomware is?

We want to make you aware of a recently discovered ransomware called Comrade Circle Ransomware, a program designed to encrypt your personal files and demand that you pay money for the decryption key needed to decrypt them. You should refuse to comply and remove it instead because there is no guarantee that you will get the promised key or that it will actually work. It was first discovered on 8 October 2016, so there is not a lot of information about it. Still, with the limited information that we do have, we want to make you aware of the danger this program poses and how it may be distributed.

At the time of this description, it is not known how this ransomware is distributed. Still, it is likely that, like so many other ransomware-type infections, Comrade Circle Ransomware is disseminated using malicious emails disguised as legitimate invoices, tax return forms, and so on. In such cases the email is likely to contain a malicious file attachment that, in the case of this particular malware, may be a JavaScript file that runs a malicious script when opened and places this ransomware’s executable in its destination folder. Our research has revealed that this ransomware’s executable file is named 1.exe and is set to be dropped in %TEMP%. Since the file is dropped in %TEMP%, it is unlikely that the executable is distributed in a conventional zipped file archive that asks you where to extract the file.

Furthermore, once on your computer, it will launch automatically and begin doing its dirty work. To our surprise, Comrade Circle Ransomware uses the exact same method as Restore@protonmail.ch Ransomware to divert your attention from the fact that your files are being encrypted. Both of these programs render a fictitious update window with text that reads “Configuring critical Windows Updates” with a Windows 10-style running circle. Take note of the wording of the message that says “critical.” Windows never shows update messages with this word. You can close this screen mid-encryption by pressing Ctrl+Alt+Del, going to Task Manager and terminating 1.exe; otherwise it will close automatically once the encryption is complete. If possible, seize this window of opportunity to terminate the executable and prevent all of your files from being encrypted.

In the event the encryption completes uninterrupted, this ransomware will drop a ransom note named RESTORE-FILES![string of numbers].txt in each folder where a file was encrypted. Its developer wants you to pay a ransom of 2 BTC, which is approximately 1,200 USD. To do that you might have to contact this ransomware’s developer via BitMessage or the provided email address. However, we urge you not to pay the ransom because the developer might not send you the decryption key and decryption software once you have paid. Currently, we do not know what kind of encryption method Comrade Circle Ransomware is designed to use, but it should be either the RSA or AES encryption algorithm, or even both, as RSA is mostly used to encrypt the AES decryption key. In any case, the encryption method that is used may be hard to crack, and some time will have to pass until malware researchers come up with a way to decrypt the files for free.

We hope that this article has shed some light on this newly released ransomware. Like any other program of this type, it is dangerous: it can render your personal files inaccessible, and you may be tempted to pay the outrageous ransom for your most cherished photos and videos that it might have encrypted. Since there is no guarantee that you will get your files back, we suggest that you remove it using our removal guide or SpyHunter, a program that is able to detect and delete it.

Remove this ransomware manually

  1. Press Windows+E keys.
  2. Type %TEMP% in the address box of File Explorer and hit Enter.
  3. Locate 1.exe, right-click it and click Delete.
  4. Then, go to %USERPROFILE%\Downloads
  5. Delete the suspicious file that might have dropped 1.exe
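
The same checks can be scripted. The following is an added example, not part of the original guide: a read-only Python triage that looks for 1.exe in a temp folder, records its SHA-256, and lists every folder holding a ransom note so you can see which folders were hit. It assumes “[string of numbers]” means one or more digits; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Assumption: "[string of numbers]" in the note name is one or more digits.
NOTE_RE = re.compile(r"RESTORE-FILES!\d+\.txt", re.IGNORECASE)
DROPPER_NAME = "1.exe"  # executable name reported in the article


def find_dropper(temp_dir):
    """Return (path, sha256) for 1.exe in temp_dir, or None if absent."""
    candidate = Path(temp_dir) / DROPPER_NAME
    if not candidate.is_file():
        return None
    return str(candidate), hashlib.sha256(candidate.read_bytes()).hexdigest()


def folders_with_notes(root):
    """Map each folder under root that holds a ransom note to its note names."""
    hits = {}
    # os.walk ignores listing errors by default, so unreadable folders are skipped.
    for folder, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if NOTE_RE.fullmatch(f))
        if notes:
            hits[folder] = notes
    return hits


def triage(temp_dir, root):
    """Collect both indicators into one report; nothing is deleted or modified."""
    return {"dropper": find_dropper(temp_dir),
            "note_folders": folders_with_notes(root)}


def build_sample_tree(base):
    """Constructed sample data: one folder with a note, one clean folder."""
    base = Path(base)
    (base / "Temp").mkdir()
    (base / "Temp" / "1.exe").write_bytes(b"constructed placeholder, not malware")
    (base / "Documents" / "Photos").mkdir(parents=True)
    (base / "Documents" / "Photos" / "RESTORE-FILES!0123456789.txt").write_text("note")
    (base / "Documents" / "Clean").mkdir()
    (base / "Documents" / "Clean" / "RESTORE-FILES.txt").write_text("no match")
    return base / "Temp", base / "Documents"


if __name__ == "__main__":
    # On a real Windows host: triage(os.environ["TEMP"], os.environ["USERPROFILE"])
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(*build_sample_tree(tmp)))
```

The folders listed under `note_folders` are the ones to check first when restoring from backup, since the note is dropped only where a file was encrypted.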

In non-techie terms:

Comrade Circle Ransomware is a highly malicious program set to encrypt your files and demand that you pay money to get them decrypted. Its developers are after your money, and there are no guarantees that the cyber criminals will send you the necessary software and key to decrypt them. Therefore, we suggest that you remove it using one of our proposed methods.